code not updating properly

Posted: Fri Nov 18, 2011 2:41 am
by naveendk.55
Hi,

I tried changing the password and it is not working. It will display that the password got changed successfully but it will not change it in the database. Is there any mistake in the below code?

Code:

<?php
// Escape both submitted values before they are used in the query.
$password  = mysql_real_escape_string($_POST['newpassword']);
$password2 = mysql_real_escape_string($_POST['confirmnewpassword']);

if (strlen($password) < 5 or strlen($password) > 12) {
    echo "Password must be more than 5 char length and maximum 12 char length<BR>";
} elseif ($password <> $password2) {
    echo "Both passwords are not matching";
} else {
    // Run the update only after both checks above have passed.
    if (mysql_query("update users set password='$password' where empid='{$_SESSION['login']}'")) {
        echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password every 2 months for better security</center></font>";
    } else {
        echo mysql_error();
    }
}


Re: code not updating properly

Posted: Fri Nov 18, 2011 6:21 am
by Celauran
At a glance, the query looks OK. Have you tried echoing the query? If $_SESSION['login'] doesn't contain a value (did you remember session_start()?) then you'll run into problems.

Also, it looks like you're storing passwords in plain text in your database. Don't do this.

Re: code not updating properly

Posted: Fri Nov 18, 2011 7:01 am
by naveendk.55
You're absolutely right. The session is only outputting a single numeric digit.

Yes, session is started at the start of the page. Below is the code that first starts holding the session. Could you please check if I'm making any error while creating a session? All my user ids are 10 digit numeric code. When I tried echoing the session it only showed one digit and not the ten digit code.

Code:

<?php session_start(); ?>
<?php include_once("includes/connections.php"); ?>
<?php include_once("functions/funphp.php"); ?>
<?php

// If the password is set then the form has been submitted on the login.php page.
if (isset($_POST['password']) && isset($_POST['login']))
{
    $login    = mysql_real_escape_string($_POST['login']);
    $password = mysql_real_escape_string($_POST['password']);
    $qstr = "SELECT * from users where empid='$login' and password ='$password'";

    $result = mysql_query($qstr);
    $_SESSION['login']=$login['login'];
    $_SESSION['username'] = $username['username'];
    if (mysql_num_rows($result)==1)
    {
        redirect("home.php");
    }
    else
    {
        echo "<font color=#000000><b>Invalid User Name or Password. <a href=index.php> Click here</a> to go back to the login screen </b></font>";
    }
    mysql_close();
}
?>

Re: code not updating properly

Posted: Fri Nov 18, 2011 7:06 am
by Celauran

Code:

$_SESSION['login']=$login['login'];
$_SESSION['username'] = $username['username'];

This doesn't look right. I don't see $username defined anywhere and $login is a string, not an array, so you should use

Code:

$_SESSION['login'] = $login;
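
The following is an added example, not code from any poster in this thread. It pulls the thread's points together: session values are set only after the login is verified and are taken from the database row, the password is stored as a hash instead of plain text, and success is reported only when the UPDATE actually changed a row (an UPDATE that matches no row still succeeds, which is why the original page printed its success message). It assumes a current PHP with PDO and pdo_sqlite; the in-memory table, the sample account and the function names are constructed, and the session is passed in as an array so the script runs from the command line.

```php
<?php
// Added example: table layout, sample account and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (empid TEXT PRIMARY KEY, username TEXT, password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['1234567890', 'sampleuser', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Returns the values to store in $_SESSION for a valid login, or null.
// Nothing is handed back for the session until the password has been verified.
function login(PDO $db, string $empid, string $password): ?array
{
    $stmt = $db->prepare('SELECT empid, username, password FROM users WHERE empid = ?');
    $stmt->execute([$empid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // Take the values from the database row, not from the request.
    return ['login' => $row['empid'], 'username' => $row['username']];
}

// Returns true only if exactly one row was updated.
function changePassword(PDO $db, array $session, string $new, string $confirm): bool
{
    // Minimum length as in the thread; both entries must match.
    if (empty($session['login']) || $new !== $confirm || strlen($new) < 5) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE empid = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $session['login']]);
    // An UPDATE whose WHERE clause matches nothing is not an error,
    // so the affected-row count is the real success signal.
    return $stmt->rowCount() === 1;
}

$session = login($db, '1234567890', 'old-secret');

// Correct session value: the row is found and updated.
var_dump(changePassword($db, $session, 'new-secret', 'new-secret'));

// Session value cut down to one character, as in the thread: no row matches.
var_dump(changePassword($db, ['login' => '1'], 'other-secret', 'other-secret'));

// The new password works; the stored value is a hash, not the password itself.
var_dump(login($db, '1234567890', 'new-secret') !== null);
```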